diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index f7bbc6d01..be74d092e 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -228,6 +228,7 @@ jobs: curl --output-dir standalone-jar-files -LO https://repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.16.0/jackson-core-2.16.0.jar curl --output-dir standalone-jar-files -LO https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar curl --output-dir standalone-jar-files -LO https://repo1.maven.org/maven2/wsdl4j/wsdl4j/1.6.3/wsdl4j-1.6.3.jar + curl --output-dir standalone-jar-files -LO https://repo1.maven.org/maven2/org/apache/maven/maven-core/3.9.2/maven-core-3.9.2.jar FETCH_LICENSE=true bin/cdxgen.js -p standalone-jar-files -o bomresults/bom-standalone-jar-files.json --validate shell: bash - name: repotests 1.4 diff --git a/utils.js b/utils.js index 4b9b8f4cc..92c8ed184 100644 --- a/utils.js +++ b/utils.js @@ -6538,6 +6538,44 @@ export const encodeForPurl = (s) => { : s; }; +/** + * Method to get pom properties from maven directory + * + * @param {string} mavenDir Path to maven directory + * + * @return array with pom properties + */ +export const getPomPropertiesFromMavenDir = function (mavenDir) { + let pomProperties = {}; + if (existsSync(mavenDir) && lstatSync(mavenDir).isDirectory()) { + let mavenDirEntries = readdirSync(mavenDir, { withFileTypes: true }); + mavenDirEntries.forEach((mavenDirEntry) => { + if (mavenDirEntry.isDirectory()) { + let groupDirEntries = readdirSync( + join(mavenDirEntry.path, mavenDirEntry.name), + { withFileTypes: true } + ); + groupDirEntries.forEach((groupDirEntry) => { + if (groupDirEntry.isDirectory()) { + let pomPropertiesFile = join( + groupDirEntry.path, + groupDirEntry.name, + "pom.properties" + ); + if (existsSync(pomPropertiesFile)) { + const pomPropertiesString = readFileSync(pomPropertiesFile, { + encoding: "utf-8" + }); + pomProperties = parsePomProperties(pomPropertiesString); + } + } + }); + } + }); + } + return pomProperties; +}; + /** * Method to extract a war or ear file * @@ -6636,38 +6674,15 @@ export const extractJarArchive = function ( if (jarResult.status !== 0) { console.error(jarResult.stdout, jarResult.stderr); } else { - let group = "", - name = "", - version = "", - confidence = 1, - technique = "manifest-analysis"; // When maven descriptor is available take group, name and version from pom.properties // META-INF/maven/${groupId}/${artifactId}/pom.properties // see https://maven.apache.org/shared/maven-archiver/index.html - if (existsSync(mavenDir)) { - let groupDir = readdirSync(mavenDir); - if (groupDir && groupDir.length) { - let artifactDir = readdirSync(join(mavenDir, groupDir[0])); - if (artifactDir && artifactDir.length) { - let pomPropertiesFile = join( - mavenDir, - groupDir[0], - artifactDir[0], - "pom.properties" - ); - if (existsSync(pomPropertiesFile)) { - const pomProperties = parsePomProperties( - readFileSync(pomPropertiesFile, { - encoding: "utf-8" - }) - ); - group = pomProperties["groupId"]; - name = pomProperties["artifactId"]; - version = pomProperties["version"]; - } - } - } - } + const pomProperties = getPomPropertiesFromMavenDir(mavenDir); + let group = pomProperties["groupId"], + name = pomProperties["artifactId"], + version = pomProperties["version"], + confidence = 1, + technique = "manifest-analysis"; if ((!group || !name || !version) && existsSync(manifestFile)) { confidence = 0.8; const jarMetadata = parseJarManifest(